Partnership and threat intelligence sharing to disrupt cybercrime

Cyber risk is escalating, and so are the consequences of being struck by a cyberattack. In recent years, we have seen cybercriminals team up in search of skilled hackers and advanced tools to further evolve their craft. They are building their own ecosystems and supply chains to be more effective. Partnerships and cooperation on the defense side are our best weapon in the fight against cybercrime. Partnerships are a great exercise in building trust, which in turn is important for sharing information and creating relationships. We spoke with Vishak Raman, Vice President, India, SAARC and Southeast Asia at Fortinet on threat intelligence sharing and launch of Atlas cybercrime initiative. 

DQ: Why are cyber security partnerships so important today?

Vishak Raman: Cybercrime impacts everyone from individuals to global corporations and critical infrastructures and governments. It causes immense, though not always visible, damage to economies and societies. It helps take the fight to adversaries and creates a more unified front.

Adversaries must find one weakness while defenders have to protect everything, ensuring that not even a single weakness is found. By sharing threat intelligence and working with other threat intelligence organizations in a cybersecurity partner program, it helps improve protections for customers and enhances the effectiveness of the entire cybersecurity industry.

As part of our CSR efforts at Fortinet, we believe it is important to work to reduce cyber risks for society. This is also a part of helping organizations create cyber security resilience and hardening of their infrastructure.

DQ: Can you give a brief overview of the difference between global threat partnerships and threat sharing? Why are the two important in the fight against cyber adversaries?

Vishak Raman: There are a lot of silos in the industry and no one person or organization has a view into all the threats that are out there. Collaboration and partnership are key. Threat sharing is important to enable quick mobilization of protections for customers across many vendors and to help break down technical barriers to enabling protections. Many organizations focused on this are focused on a particular sector or goal. Broader global partnerships are important when it comes to driving change and behaviours and are built on a foundation of trust.

In addition, partnerships are also focused on bi-directional sharing of knowledge and information. It is important to focus on surrounding adversaries with cybersecurity disruption at as many points in their ecosystem as possible. Everyone has a role to play in this scenario, including end-users. However, this must be accompanied by proper training, good education, and cyber awareness.

By sharing threat intelligence and working with other threat intelligence organizations, it helps improve protections for customers and enhances the effectiveness of the entire cybersecurity industry.

DQ: What do Fortinet and FortiGuard Labs do in regard to partnerships?

Vishak Raman: At Fortinet and FortiGuard Labs, there is a huge focus on going beyond our own research to lead, interact, share, and foster the sharing of actionable threat intelligence. FortiGuard Labs is committed to partnerships and cooperation with global law enforcement, government organizations, and industry organizations.

Fortinet invests meaningful resources in global partnerships, including the MITRE Enginuity Center for Threat Informed Defense (CTID). Fortinet is also a long-standing member of the NATO Industry Cyber Partnership (NICP), are active contributors and members of INTERPOL Gateway, is a founding member of the Cyber Threat Alliance (CTA), and more.

Fortinet is also proud to be one of the founding partners of the WEF Centre for Cybersecurity and an active contributor of its Partnership against Cybercrime (PAC). The Cybercrime Atlas effort is about driving real impact and is a coordinated effort to disrupt cybercrime.

DQ: 

Can you give an example of how partnerships have helped disrupt cybercrime?

Vishak Raman: Fortinet has been an active member of the Global Cybercrime Expert Group and trusted partner to INTERPOL dating back to 2015 and became an INTERPOL Gateway partner in 2018. This ongoing collaboration has resulted in greater threat intelligence standards and protocols across the industry as well as impactful global cybercriminal takedowns.

Fortinet was one of several private sector companies that provided support to an INTERPOL-led operation targeting cybercrime across the ASEAN region, resulting in the identification of nearly 9,000 command-and-control (C2) servers as well as hundreds of compromised websites, including government portals. We also assisted a cyber investigation coordinated by INTERPOL, providing threat intelligence and analysis to help uncover a group of online fraudsters behind a BEC (business email compromise) scam totalling more than $60 million in thefts and involving hundreds of victims worldwide.

The Africa Cyber Surge Operation is a shining example of how shared threat intelligence on threat actors and joint operations across trusted partners can increase the cyber resilience of an entire region. It also shows how valuable cybersecurity training and education is to help close the cyber skills gap and effectively disrupt cybercrime at scale.

In short, successfully fighting cybercrime requires collaboration between both the private and public sectors. But as good as our cybersecurity partnerships may be today, we need to continue to deepen our private-public relationships further as we continue to fight cybercrime.